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1. Apparatus for blocking an unauthorized access to limited 
access data stored in a fibre channel configuration network 
system including a fabric switdh fibre channel interconnecting 
work stations and data storage/ devices with an internal fibre 
channel arbitrated loop having internal work stations and 
internal data storage systems/ at least one internal data storage 
10 system containing the limited/ access data stored therein, said 

blocking apparatus intercepting data access to the internal data 
storage system containing thje limited access data, said blocking 
□ apparatus comprising: 

l7j a receiving section me^ns for receiving a serialized request 

UJ5 for data from a requestirx^pfeource on a fibre channel from the 
Cj fabric switch and for tr&ns/f doming the serial data to parallel 
^ frames of data; 

a FIFO section for geWent^ally receiving sets of parallel 
_ frames of data from said ide/eiving section and for transmitting 
j§0 the parallel sets of data Ito the target after reserialization; 
s j; a control section including means for individually sensing 

sfl each set of parallel frames of data from said FIFO section, means 
for sensing a start of data frame from one set of the parallel 
frames of data, means for/ comparing individual sets of parallel 
25 frames of data from said /FIFO section after sensing the start of 
frame data to compare another set of frame data from said FIFO 
section to allowed addresses stored in said control section, and 
means for generating IDIJE characters representing no data, said 
control section permitting the transmission of parallel sets of 
30 data frames to the target data store if said comparing means 


senses a match between 
parallel frame of data 


the allowed addresses and the set of 
.n said FIFO section and activating the 
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generating means to transmit IDlfiE characters if no match is 
sensed; and 

a transmitting section undfer control of said control section 
to encode and serialize the parallel sets of data received from 
the FIFO, or to transmit the IIJLE characters if no match is 
sensed. 


transforming the serial da* 
a FIFO section for sec 
frames of data from said 2rec 
the parallel sets of data 


2. Blocking apparatus positioned between a target data storage 
and a hub in a fibre channel arbitrated loop system for stopping 
the unauthorized transmittal <pf data from the target data storage 
to a requesting source, said blocking apparatus comprising: 

a receiving section mearjs for receiving a serialized request 
for data from the requestin^T&ource on a fibre channel and for 

r el frames of data; . : . . 
illy/receiving sets of parallel 
section and for transmitting 
the target data store; 
a control section including means for individually sensing 
each set of parallel frames! of data from said FIFO section, means 
for sensing a start of data frame from one set of the parallel 
frames of data, means for comparing individual sets of parallel 
frames of data from said FIFO section after sensing the start of 
frame data to compare anotper set of frame data from said FIFO 
section to allowed addresses stored in said control section, and 
means for generating IDLE/ characters representing no data, said 
control section permitting the transmission of sets of data 
frames after serialization to the target if said comparing means 
senses a match between tlie allowed addresses and the set of 
parallel frame of data i]fi said FIFO section and activating the 


generating means to tran 
sensed; and 


smit IDLE characters if no match is 
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r control of said control section 
llel sets of data received from 


a transmitting section unde 
to encode and serialize the pare 

the FIFO section if said comparing means senses a match or to 
transmit the IDLE characters if/ no match is sensed. 


3. Blocking apparatus positioned between a fabric switch system 
and a hub in a fibre channel Arbitrated loop system for stopping 
the unauthorized transmittal <hf data from the hub to a requesting 
source in the fabric switch system, said blocking apparatus 
comprising: 

for receiving a serialized request 
on a fibre channel from the 
:he serial data to parallel 


a receiving section m<* 
for data from the requestd/ngl 
fabric switch and for trarisfj: 
frames of data; 

a FIFO section for se\ 


source 


irfiamg 


itially . receiving sets of parallel 
frames of data from said receiving section and for transmitting 
the parallel sets of data to the target after serialization; 

a control section including means for individually sensing 
each set of parallel frames of data from said FIFO section, means 
for sensing a start of data frame from one set of the parallel 
frames of data, means for comparing individual sets of parallel 
frames of data from said FfFO section after sensing the start of 
frame data to compare another set of frame data from said FIFO 
section to allowed addresses stored in said control section, and 


means for generating IDLE 
control section permitting 
frames after serialization 
senses a match between the; 
parallel frame of data in 


characters representing no data, said 
the transmission of sets of data 
to the target if said comparing means 
allowed addresses and the set of 


said FIFO section and activating the 
generating means to transmit IDLE characters if no match is 
sensed; and 
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a transmitting section under control of said control section 
to encode and serialize the parallel sets of data received from 
the FIFO section if said comparing means senses a match or to 
transmit the IDLE characters ifl no match is sensed. 


10 


25 


30 


4. Blocking apparatus positioned between a target data storage 
and a hub in a fibre channel arbitrated loop system for stopping 
the unauthorized transmittal off data from the target data storage 
to a requesting source, said blocking apparatus comprising: 

a serial-to-parallel receiving means connected to a fibre 
channel for receiving a serialized request for data from the 

^channel and for transforming the 


.ltel data 


padkagi 


groups of parallel data from 
£ of set of parallel, frames of 


requesting source on the f 
serial data to groups of p ; 

an encoding means for 
said receiving means into 
data; 

a FIFO section for sequentially receiving and storing sets 
of parallel frames of data flrom said encoding means; 

a control section including an allowed addresses store, an 
allowed address comparing means, means for individually sensing 
each set of parallel frames! of data from said FIFO section, means 
for sensing a start of data! frame from one set of the parallel 
frames of data, and means fjor generating IDLE characters 
representing no data, 

said allowed address domparing means comparing individual 
sets of parallel frames of data from said FIFO section after 
sensing the start of frame data to compare a source address set 
of frame data from said FIFO section to an address stored in said 
allowed addresses store; 

said control section {permitting the transmission of parallel 
sets of data frames from sjaid FIFO section to the target after 
serialization if said allowed address comparing means senses a 
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10 


match between the allowed addresses and the set of parallel frame 
of data in said FIFO section and activating the generating means 
to transmit IDLE characters i l no match is sensed; 

an encoder connected to receive either the data frames from 
the FIFO section or the IDLE /characters from the IDLE character 
generator and to convert the /data frames to smaller groups of 
parallel words; and 

a parallel to serial cofrverter connected to said encoder to 
change the parallel words frlom said decoder to serial data for 
transmission on the fibre cliannel to the target. 


W5 


S! 

lb 


25 


30 


5. Blocking apparatus 
control section further 
address and a target ad 
comparing means compari 
address store of a desti 


mo 


res 


scribed in Claim 4 wherein said 
ans for storing a target 
ing means, said target address 
arget address from said target 
ion identification set of parallel 


ies 


compar: 


frame of data from said FIFO section, said target address 
comparing means activating said allowed address comparing means 


if a match is made in the 
compare the allowed addre^ 
the source address set of 
section, said control sect. 


arget address comparing means to 
s from the allowed addresses store of 
parallel frame data from the FIFO 
ion permitting the transfer of data 
frames from the FIFO section to the target if the target address 
comparing means does not ifaatch the target address to the source 


address set of frame data 


from the FIFO section. 


6. A method for blocking an unauthorized access to limited 
access data stored in a qibre channel configuration network 

switch fibre channel interconnecting 
work stations and data stjorage devices with an internal fibre 
channel arbitrated loop having internal work stations and 
internal data storage syi^tems, at least one internal data storage 
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ccess data stored therein, said 

to the internal data storage 
ccess data, said method comprising 


system containing the limited a 
method intercepting data access, 
system containing the limited 
the steps of: 

accepting serial data frofr a fibre channel connected to a 

hub; 

converting the serial daiba to parallel data; 
encoding the parallel to frames of data; 

sequentially entering tpe parallel frames of data into word 
of data in a FIFO store; 

detecting a start of wdrd data in the FIFO store; 
sensing an upper levear&evice path word from the FIFO store; 


comparing the desti 
address; 


comparing a source <id 


atiqn identifying address to a target 



from the FIFO store if the 
destination identifying ^deress matches the target address, 
otherwise enabling the trarsfer of the frame word to the target; 

comparing a source address word from the FIFO store to 
allowed addresses stored in an allowed address store; 

enabling the transfer of frame data from the FIFO to the 
target if a match is sensed, otherwise, enabling the generation 
of IDLE characters; encodi ig the generated IDLE characters and 
the data from the target into parallel data; 

Lei data into serial data; and 
data signals to a fibre channel 


converting the parall 
directing the serial 


ibre 


7. A method for blocking 
access data stored in a f 
system including a fabric 
work stations and data stc 
channel arbitrated loop hqving 
internal data storage sys 


an unauthorized access to limited 
channel configuration network 
switch fibre channel interconnecting 
rage devices with an internal fibre 
internal work stations and 
at least one internal data storage 


t ems 
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system accessed by a target address and containing the limited 
access data stored therein, said method intercepting data access 
to the internal data storage system containing the limited access 

e steps of 
the fabric switch fibre channel; 
converting the serial datk to parallel data; 
decoding the parallel da da to parallel frames of data; 
sequentially entering th^ parallel frames of data into words 
of data in a FIFO store; 

detecting a start of worfi data in the FIFO store; 


data, said method comprising tlr 
accepting serial data fro: 


sensing an upper level 
comparing the destinat 

channel data to the interna 
comparing a source addl 

allowed addresses stored in 



yice path word from the FIFO store; 

ng address from the fibre 
dress ; 
from the FIFO store to 
allowed address store if the 
destination identifying address matches the internal target 
address, otherwise enabling "he transfer of the frame word to the 
internal target data storage system; 

enabling the transfer of frame data from the FIFO to the 
target if a match is sensed between the source address and the 
target address, otherwise, enabling the transmission of IDLE 
signals; and 

encoding the IDLE sign4ls or the data signals from the FIFO 
store into parallel signals; 

converting the parallel signals into serial data; and 
directing the serial data signals to a fibre channel. 


8. A method for blocking an unauthorized access to limited 
access data stored in a fibfre channel configuration network 
system including a fabric sjwitch fibre channel interconnecting 
work stations and data storage devices with an internal fibre 
channel arbitrated loop having internal work stations and 
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internal data storage systems, at least one internal target data 
storage system accessed by a tkrget address and containing the 
limited access data stored therein, said method intercepting data 
access to the internal target /data storage system containing the 
limited access data, said method comprising the steps of: 
accepting data from the /fabric switch fibre channel; 
comparing a destination /identifying address from the fibre 
channel data to the internal/ target address; 

comparing a source address from a requesting device in the 
fabric switch fibre channel /to allowed addresses stored in an 
allowed address store if Jm$\ destination identifying address 
matches the internal target / address , otherwise enabling the 
transfer of the source a/ddrjb$s to the internal target data 
storage system; 

enabling the trans oer Jo£ information from the requesting 
device to the internal tcteget data storage system if a match is 
sensed between the source address and the target address 
otherwise, enabling the generation of IDLE characters; and 

iracters or the data frames from the 
internal target data storabe system to a fibre channel of the 
fabric switch fibre channel. 


9. An article of manufacture for use in a fibre channel 
configuration network system including a fabric switch fibre 
channel interconnecting wprk stations and data storage devices 
with an internal fibre channel arbitrated loop having internal 
work stations and internall data storage systems, at least one 
internal data storage system accessed by a target address and 
containing the limited aqcess data stored therein, said method 
intercepting data access to the internal data storage system 
containing the limited access data, 
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re comprising a computer-readable 


said article of manufactup 
storage medium tangibly embodying a program of executable 
computer instructions which m4y cause said fibre channel 
configuration network to; 

accept serial data from /the fabric switch fibre channel; 
convert the serial data /to parallel data; 
decode the parallel data to parallel frames of data; 
sequentially enter the /parallel frames of data into words of 
data in a FIFO store; 

detect a start of framjb word data in the FIFO store; 
sense an upper level device path word from the FIFO store; 
compare the destination identifying address from the fibre 
channel data to the internal target address; 

compare a source aidross/word from the FIFO store to allowed 
addresses stored in an allowed address store if the destination 
identifying address matches the internal target address, 
otherwise enable the transfer of the frame word to the internal 
target data storage system; 

enable the transfer Jof frame data from the FIFO to the 
internal target data store if a match is sensed between the 
source address and the target address, otherwise, enable the 
transmission of IDLE characters; 

encode the IDLE signals or the data signals from the 
internal target data store into parallel signals; 

convert the parallel signals into serial data; and 
direct the serial cflata to a fibre channel of the fabric 
switch fibre channel. 


10. An article of manu 


Eacture for use in a fibre channel 


configuration network system including a fabric switch fibre 


channel interconnecting 
with an internal fibre 


work stations and data storage devices 
channel arbitrated loop having internal 
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work stations and internal data/ storage systems, at least one 
internal target data storage system accessed by a target address 
and containing the limited access data stored therein, 

said article of manufacture comprising a computer-readable 
storage medium tangibly embodying a program of executable 
computer instructions which Jtiay cause said fibre channel 
configuration network to intercept data access to the internal 
target data storage system /containing the limited access data, 
said article of manufacture to: 


accept data from t 
compare a destina 
channel data to the i 


(fabric 


lOf 


lident 


compare a source 
fabric switch fibre ch 


adf 


/itch fibre channel; 
Tfying address from the fibre 
irget address ; 
fs from a requesting device in the 
lei to allowed addresses stored in an 
allowed address store i£ the destination identifying address 
matches the internal target address, otherwise enable the 
transfer of the data f^ame to the internal target data storage 
system; 

enable the transfer of said data frame from the requesting 
device to the internal target data storage system if a match is 
sensed between the source address and the target address 
otherwise, enable the generation of IDLE signals; and 


direct the IDLE 
internal target data 
fabric switch fibre 


signals or the data signals from the 
storage system to a fibre channel of the 
channel . 


30 
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